Security startup Codewall claimed its autonomous AI agent breached McKinsey's internal AI platform 'Lilli' in just two hours during a controlled test. The agent exploited an unauthenticated API endpoint and a SQL injection flaw to access the production database. The system exposed 46.5 million chat messages, 57,000 user accounts and 58,000 Word documents, among other data.